Cb Defense: Collect Logs to Troubleshoot SPLUNK SIEM Connector Issues

Version

Cb Defense (formerly Confer) - All

Topic

This document describes how to collect logs to troubleshoot SPLUNK SIEM Connector issues.

Splunk SIEM Connector Troubleshooting

Note:

Support does not usually ask customers to make this change, but if a system administrator can enable it and provide the resulting logs, troubleshooting will be faster.

LINUX SIEM Connector:

Debug Log:

In confer_connector.py:

/opt/splunk/etc/apps/confer_connector/bin/confer_connector.py

Modify

DEBUG_MODE = False

to

DEBUG_MODE = True

Note:

SPLUNK_HOME environment variable is normally set by default to:

/opt/splunk

The log files are located in:

Confer Connector log file

$SPLUNK_HOME/var/log/splunk/confer_connector.log

Cb Defense Add-On for Splunk log file

$SPLUNK_HOME/var/log/splunk/ta-cb_defense_cbdefense_XXXX.log, plus the rotated copies ta-cb_defense_cbdefense_XXXX.log.1, ta-cb_defense_cbdefense_XXXX.log.2, etc.
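As an added example (not from this article or the connector package), the following POSIX shell script applies the DEBUG_MODE change with a backup and bundles the log files listed above into one archive for support. It assumes the default paths the article names (override with SPLUNK_HOME or CONNECTOR) and GNU sed for the in-place edit.

```shell
#!/bin/sh
# Added example (not from the Carbon Black article or the connector): flip
# DEBUG_MODE in confer_connector.py and bundle the connector logs for support.
# Paths default to those the article names; SPLUNK_HOME and CONNECTOR override them.
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
CONNECTOR="${CONNECTOR:-$SPLUNK_HOME/etc/apps/confer_connector/bin/confer_connector.py}"

# Change "DEBUG_MODE = False" to "DEBUG_MODE = True" in the given script, keeping
# a timestamped backup. Only the assignment at the start of a line is touched, so
# comments and other occurrences stay. Returns 0 once the file has DEBUG_MODE = True.
enable_debug_mode() {
    file="$1"
    [ -f "$file" ] || { echo "connector script not found: $file" >&2; return 1; }
    if grep -q '^DEBUG_MODE *= *True' "$file"; then
        echo "DEBUG_MODE already True in $file"
        return 0
    fi
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
    sed -i 's/^DEBUG_MODE *= *False/DEBUG_MODE = True/' "$file"   # GNU sed -i
    grep -q '^DEBUG_MODE *= *True' "$file"
}

# Gather the log files the article lists (with their rotated .1, .2 ... copies)
# from the Splunk log directory into one tarball. Prints the archive path;
# returns 1 if no matching log file exists.
collect_connector_logs() {
    logdir="$1"
    out="${2:-/tmp/confer_connector_logs_$(date +%Y%m%d%H%M%S).tgz}"
    set -- "$logdir"/confer_connector.log* "$logdir"/ta-cb_defense_cbdefense_*.log*
    found=""
    for f in "$@"; do [ -f "$f" ] && found="$found $f"; done
    [ -n "$found" ] || { echo "no connector logs under $logdir" >&2; return 1; }
    # $found is deliberately unquoted: it is a space-separated list of paths.
    tar -czf "$out" $found
    echo "$out"
}

# Run directly with --run: enable debug logging now, then restart the connector
# input, reproduce the problem and call the collector again for the verbose logs.
if [ "${1:-}" = "--run" ]; then
    enable_debug_mode "$CONNECTOR"
    collect_connector_logs "$SPLUNK_HOME/var/log/splunk"
fi
```

Run it with --run before reproducing the issue, then rerun the collector after the connector has logged the failure in debug mode.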

Windows SIEM Connector:

The log level is set to Info by default. In the connector script that you downloaded, change the log level.

Modify

LOG_LEVEL=Info

to

LOG_LEVEL=Verbose

to obtain more verbose connector logs.

The log files are located in:

%WINDOWS_TEMP%\confer_connector.log

Article Information
Creation Date: 09-15-2016